← back
CVE-2025-54291

Project existence disclosure in LXD images API

CVSS 6.9 MEDIUMEPSS 0.3%CWE-209
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Canonical · LXD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7